This paper systematized existing knowledge on cybersecurity and privacy game-based approaches, exploring their goals, scope, and evaluation methods. Our review of 93 academic papers revealed that these approaches serve multiple purposes and target diverse player types. We identified 11 key aspects of cybersecurity and privacy that these approaches addressed, such as threats, defensive strategies, and data privacy. Additionally, we analyzed the effectiveness evaluation methods of these approaches, emphasizing the connections between evaluation techniques, types of data used, and their alignment with the approaches' goals. We also summarized the aspects of user experience evaluated in the literature and the types of questions used to capture these experiences. Reflecting on these methods, we provide guidance for future research and practice in designing and evaluating game-based approaches. Finally, we identify key gaps and propose opportunities to enhance user understanding, foster adaptability, and address emerging cybersecurity and privacy challenges.
https://dl.acm.org/doi/10.1145/3706598.3713798
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)